Email your customers without breaking the rules: a plain guide to PECR

How UK ecommerce stores can email customers legally under PECR and UK GDPR, including consent, the soft opt-in, and the must-haves in every message.

Omniops Team | Ecommerce Operations | 2 June 2026 | 6 min read

Am I even allowed to email my own customers?

This is one of the most common worries for a small store owner. You have built a list of people who bought from you, and you want to tell them about a new range or a restock. Then the doubt creeps in: is that allowed, or will it land you in trouble?

The short answer is usually yes, you can email your customers, as long as you follow a few clear rules. In the UK, marketing emails and texts are governed by PECR (the Privacy and Electronic Communications Regulations), which sits alongside UK GDPR. PECR sets the rules for the messages themselves. UK GDPR covers how you handle the personal data behind them. Once you understand how the two fit together, most of the fear goes away.

This guide walks through the basic rule, the exception that covers most ecommerce, and the things every marketing email must include.

The default position under PECR is consent. If you want to send marketing email to an individual, you generally need their permission first.

Consent has a specific meaning here. It has to be a clear, freely given, specific opt-in. That means the person actively chooses to hear from you, usually by ticking an unticked box or otherwise saying yes. A pre-ticked box does not count. Neither does silence, an assumption, or bundling marketing consent into something else they had to agree to. The customer has to make an active choice.

If consent were the only route available, life would be harder for shops. Plenty of people buy from you once without ever ticking a marketing box. The good news is that PECR includes a practical exception built for exactly this situation.

The soft opt-in: emailing existing customers

The soft opt-in lets you email people who have already bought from you, about your own similar products, without collecting fresh marketing consent. It exists because someone who has bought from you reasonably expects to hear from you again about related things.

It only applies when all of these are true:

  • You got their contact details during a sale, or while negotiating a sale, of your own goods or services. A genuine enquiry that did not result in a purchase can count as negotiation, but a list of people who never engaged with you does not.
  • You are only marketing your own similar goods or services. You cannot use the soft opt-in to promote an unrelated business, a partner's products, or something far outside what they bought.
  • You gave them a simple way to opt out when you first collected their details, and you give them an easy opt-out in every message after that.

If any one of those is missing, you fall back to needing consent. So the soft opt-in is not a free pass. It is a narrow, sensible allowance for marketing to your own customers about your own similar range. For most small ecommerce shops, that covers the bulk of what you actually want to send.

What every marketing email must include

Whether you are relying on consent or the soft opt-in, the rules for the message itself are the same. Two things are non-negotiable.

First, every marketing message must identify who is sending it. The recipient should be able to tell at a glance that the email is from your shop, not a mystery sender.

Second, every marketing message must include a working, easy way to unsubscribe. One clear action, no hoops, no asking people to email you and wait. And when someone does opt out, you have to honour it promptly and stop sending. An unsubscribe link that does not work, or a request you sit on, is the kind of thing that turns a minor issue into a real one.

These two are worth getting right because they are simple to check and easy to get wrong when you are moving quickly.

Transactional emails are different

Not every email you send is marketing. Order confirmations, dispatch notes, delivery updates, refund notices, and other genuine service messages are transactional. They are not marketing, so the consent and soft opt-in rules do not restrict them in the same way. You can send an order confirmation to anyone who places an order, because they need it.

The line to watch is promotion. The moment a transactional email starts pushing a sale, a discount code, or a "you might also like" upsell, it stops being purely transactional and starts looking like marketing. Keep service messages about the service, and keep the promotion for your marketing emails, where the consent or soft opt-in rules apply.

A quick word on B2B

If you sell to other businesses, the picture is slightly different. Marketing to corporate bodies, a registered company for example, has more leeway than marketing to individuals or sole traders. But UK GDPR still applies to personal data, so a named person's work email is still personal data you have to handle properly. The safest habit is to treat the consent and soft opt-in thinking as your baseline, then take the extra B2B leeway where it genuinely applies, rather than the other way around.

What this means for a small store, in practice

You do not need a legal team to get this right. For most shops it comes down to a handful of habits. Collect emails honestly, with a clear opt-out at the point you collect them. Keep your marketing to your own similar products when you are relying on the soft opt-in. Identify yourself clearly in every send. Make unsubscribing genuinely easy, and act on opt-outs straight away. Keep your service emails free of promotion. Do those things, and you are on solid ground.

This is also worth thinking about when something sends email on your behalf. Whatever tool you use, the same good practice should be built in: consent or soft opt-in respected, a clear sender, an easy unsubscribe, and opt-outs honoured automatically. Omni is an AI agent for small UK and Ireland stores on WooCommerce, Shopify, and Stripe, and it drafts and sends email on the owner's behalf, so getting this right is part of how it should work, not an afterthought you have to police yourself.

A short, plain disclaimer

This is general information to help you get oriented, not legal advice. The rules can apply differently depending on your exact situation, and they do change over time. If you are unsure about your own setup, check the ICO's guidance or speak to a qualified professional before you rely on it.

Want a hand putting this into practice? See what Omni handles, or start a 30-day trial. Founding places start at £250/month for the first 10 (then £500).
